News:

cpg1.5.46 Security release - upgrade mandatory!The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.[more]

Just for your information, this isn't fixed in the latest cpg1.4.19 build.

True. 1.4.19 was released in August and this fix was applied in October.

The fix has been applied to the SVN repository for 1.4.x which means it will be in any release of 1.4 from 1.4.20 and up, whenever they may be. And it was applied to the SVN repository for 1.5.x (although it was since rendered moot due to code changes).

So you need to apply the fix manually in 1.4.19 and earlier, as you suggested.